Re: BCC email virus

From: Meritt James (meritt_james@bah.com)
Date: 02/14/02


Date: Thu, 14 Feb 2002 13:17:22 -0500
From: "Meritt James" <meritt_james@bah.com>
To: John Daniele <johnd@tsintel.com>

Right. That is a way they may be run. Don't do that. Not that big a
thing to modify your own configuration.

V/R

Jim

John Daniele wrote:
>
> > Why just don't run emailed executables?
>
> Because for as long as you are running an email client that interprets
> vb/java/lotus/*scripting code, you are at risk. There have been cases
> where executable code is automatically run simply by clicking on the
> message as opposed to running it manually. I've also seen one one case
> where the executable was executed accidently by buggy code implemented
> as a part of the email client's export-attachment function.
>
> ----------------------------------
> John Daniele
> Technical Security & Intelligence
> Toronto, ON
> Voice: (416) 605-2041
> Email: johnd@tsintel.com
> Web: http://www.tsintel.com
> ----------------------------------

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566



Relevant Pages

  • Re: BCC email virus
    ... So why not simply disable the association to interpreters (including ... John Daniele wrote: ... >> Why just don't run emailed executables? ... > where executable code is automatically run simply by clicking on the ...
    (Security-Basics)
  • Re: BCC email virus
    ... > So why not simply disable the association to interpreters (including ... >>> Why just don't run emailed executables? ... >> Because for as long as you are running an email client that interprets ... >> where executable code is automatically run simply by clicking on the ...
    (Security-Basics)
  • Re: Introduction to C using lcc-win
    ... reasons for the proliferation of malware on Windows. ... To be precise, .scr screen saver files have always been executables, ... And there are worse examples - it is possible to put executable code within a font file in windows! ... the extension and then open the file to see what happens or rename a ...
    (comp.lang.c)
  • Re: how to write C program that copys its self onto the hard drive, while its running?
    ... i.e., the official Unix specification) language about this situation, ... dealing with which version of a swapped-out page that is to be read in ... Some systems consider *any* writing on executable code to be symptomatic ... A stronger example would be that executables that aren't ...
    (comp.lang.c)
  • Re: Introduction to C using lcc-win
    ... reasons for the proliferation of malware on Windows. ... Self-extracting archives are, in fact, executables. ... many other file types that also may contain executable code. ...
    (comp.lang.c)